Hackers started exploiting new bug called shellshock,also know as bash.'Shellsocks' is most dangerous bug discovered after 'heartbleed'.According to security expert,'Shellsocks' is unlikely to affect as many computer as 'Heartbleed' because not all computer's running bash can be exploited.Still,they said the new bug is very dangerous as it can gain complete control of infected machine which lets them,destroy data,shut down networks or launch attacks on website. Amazon.com and Google have released bulletins to advise web service customers, how to protect from a new cyber threat. A Google spokesmen said that company is releasing software that patches the bug.
"We don't actually how widespread this is.this is probably one of the most difficult to measure bugs that has come along this year," said Dan Kaminsky,a well known expert on internet threats.
For an attack to be successful,target must be accessible to internet and also running a second vulnerable set of code beside bash,said security expert.
The US computer emergency readiness team(US-Cert) issued a warning about the bug at https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability.
However,some other security researchers said that patches are incomplete and would not fully secure the system. Shellshock rate 10 on the scale of vulnerability.whereas heartbleed rated 11 according to one security expert.
"There is a lot of speculation out there as to what is vulnerable,but just we don't have the answers",said Marc Maiffret, chief technology officer of cybersecurity from BeyondTrust.
Post a Comment